Cisco Patches Local WebEx Vulnerability, Remotely Exploitable in AD Deployments

Cisco Webex Meetings Desktop App for Windows installations before 33.6.0 can be exploited locally by authenticated attackers, allowing for the execution of arbitrary commands as a privileged user, according to a Cisco security advisory.

"The vulnerability is due to insufficient validation of user-supplied parameters. An attacker could exploit this vulnerability by invoking the update service command with a crafted argument," says Cisco's advisory. "An exploit could allow the attacker to run arbitrary commands with SYSTEM user privileges."

Furthermore, as explained by Cisco, although the security Cisco Webex Meetings bug (also known as WebExec) requires attackers to have local access to the machines running the vulnerable software.

However, potential adversaries could exploit the vulnerability remotely on systems w... (read more)

No comments:

Post a Comment